Vulnerability Details CVE-2020-12595
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.5%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- https://support.broadcom.com/security-advisory/content/security-advisories/Privilege-Escalation-and-Information-Disclosure-Vulnerabilities-in-SMG/SYMSA16609
- https://support.broadcom.com/security-advisory/content/security-advisories/Privilege-Escalation-and-Information-Disclosure-Vulnerabilities-in-SMG/SYMSA16609
Products affected by CVE-2020-12595
-
cpe:2.3:a:broadcom:symantec_messaging_gateway:-
-
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.5
-
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.0
-
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.6.1
-
cpe:2.3:a:broadcom:symantec_messaging_gateway:10.7
-
cpe:2.3:a:broadcom:symantec_messaging_gateway:9.5